CVE-2004-2320

CVSS V2 Medium 5.8 CVSS V3 None

Description

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Overview

CVE ID
CVE-2004-2320

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2004-12-31T05:00:00

Last Modified Date
2017-07-11T01:31:47

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:bea:weblogic_server:5.1:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1::express:::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1::win32:::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp10::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp1::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp3::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp10:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp3:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp10:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp3:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp11::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp10::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp4::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp10:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp11:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp4:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp11:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp10:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp4:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp11::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp12::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp5::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp11:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp12:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp5:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp11:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp12:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp5:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp12::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp13::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp6::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp12:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp13:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp6:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp12:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp13:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp6:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp13::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp7::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp13:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp7:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp13:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp7:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp3::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp8::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp3:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp8:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp3:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp8:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp4::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp3::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp9::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp3:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp4:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp9:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp3:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp4:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp9:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp4::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp5::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:::::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp4:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp5:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1::express:::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp4:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp5:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1::win32:::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp6::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp5::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp1::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp6:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp5:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp5:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp6:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp7::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp6::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp7:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp6:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp6:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp7:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp7::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp8::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp3::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp8:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp7:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp7:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp8:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp8::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp9::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp4::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp8:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp9:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp8:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp9:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp9::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:::::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp5::::::	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp9:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1::express:::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:5.1:sp9:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1::win32:::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:::::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp1::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp6::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1::express:::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1::win32:::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:::::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp1::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0::express:::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0::win32:::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp3::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp4::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp3::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp5::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp3::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp4::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp6::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp4::::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp5::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:::::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0::express:::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0::win32:::::	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:::::::*	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp6::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::	1	OR
cpe:2.3:a:bea:weblogic_server:8.1::express:::::	1	OR
cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1::win32:::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:::::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0::express:::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0::win32:::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp1::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp3::::::	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp4::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp3::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:::::::*	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1::express:::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp4::::::	1	OR
cpe:2.3:a:bea:weblogic_server:8.1::win32:::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::	1	OR
cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:::::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1::express:::::	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:8.1::win32:::::	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*	1	OR
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:P/I:P/A:N

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
NONE

Base Score
5.8

Severity
MEDIUM

Exploitability Score
8.6

Impact Score
4.9

References

Reference URL	Reference Tags
http://dev2dev.bea.com/pub/advisory/68	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/867593	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/9506	Patch
http://www.securitytracker.com/alerts/2004/Jan/1008866.html	Patch
http://www.osvdb.org/3726
http://secunia.com/advisories/10726	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/14959

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2004-2320
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2320

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 09:31:42				Added to TrackCVE